 antdude (A Ninja Ant, Premium, VIP) join:2001-03-25 United State kudos:4
| Everything You've Been Told About Passwords Is Wrong »www.wired.com/opinion/2012/10/pa···icality/ from »www.linuxsecurity.com/content/view/158224 |
|
|
|
| This has almost been discussed until it is a worn out argument.
What will be the next layer for securing web access?
Thanks though for the reminder, a user cannot be told enough what passwords they use may ultimately break that lock on all of their privacy and worst case, funds they have saved over their life for retirement. -- The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke
|
|
 Kearnstd (Elf Wizard, Premium) join:2002-01-22 Mullica Hill, NJ 1 edit | reply to antdude
I think RSA keys like the Blizzard Authenticator will be the big next step for more bank sites.
Also I would say that if someone lives alone, highly complex passwords and a little black book of them is not a terrible idea. Because if someone gains access to the book they already have physical layer access to the computer and your home.
In general a secured password life gets harder as we have more passwords to remember. And in the office dwelling world one even has to deal with a bigger threat to security, the requirement to change passwords as short as every 30 days. Which usually leads to the old just adding a number. |
|
 dave (Premium, MVM) join:2000-05-04 not in ohio kudos:8 | Yes, that's exactly it - the problem of scale. Even using the article's advice of picking a phrase that's memorable to me(*), I still have to come up with a few dozen of them. Or some simple variation: but that leaves me open to "got one, figure out the rest" attacks.
(*) I offer as a suggestion "Y0urPassw0rdP0licySucks!" Except I'd use ruder words. |
|
 | reply to antdude Use a password manager. |
|
 Blackbird (Built for Speed, Premium) join:2005-01-14 Fort Wayne, IN kudos:3
| reply to antdude I use Kearnstd's "little black book" technique, though in my case it's a few stapled sheets of paper instead of a little black book. For travel use, I keep a shorter version of it in my billfold. One added security trick I employ is to semi-encrypt the index titles with meanings that only I would know. For example:
sbmstp......9315-432 might be the full PIN for accessing my State Bank credit card
hmem1a......zz35_9a might be the access word for one of my Hotmail eMail accounts
ucbb2l......2trackball8 might be the log-in word for one of my Blackbird computers
wbbfli......er87dwx might be the log-in word for my Wilders forum Blackbird account
etc..
Because my index terms never really change over time, they become reflexively identifiable by me. The passwords do change frequently, so all I have to do is update the entries for the index terms and run a fresh version of my list... the master is kept robustly encrypted. The idea is to use only obscure, but personally-identifiable terms for the index terms. If a thief or stranger can't decipher what the index terms mean, there's no risk of the passwords being misused. -- "Is life so dear, or peace so sweet, as to be purchased at the price of chains and slavery? Forbid it, Almighty God!" -- P.Henry, 1775 |
|
 | reply to Kearnstd
said by Kearnstd: ...And in the office dwelling world one even has to deal with a bigger threat to security, the requirement to change passwords as short as every 30 days. Which usually leads to the old just adding a number.
Because I have a hard enough time remembering what day of the week it is let alone a password that has to change every 45 (in my office environment, anyway) days, I've defeated IT's mandatory directive on not re-using passwords increased by a unit of 1 within the last 45 days by having 5 easy to remember words/phrases/whatever and rotating them alphabetically and the number at the end does increase by 1.
For example:
Ankle01 Bone02 Comedy03 Dumbo04 Echo05
Ankle06 Bone07.....
You get the drift.
Simplicity....it works for me. -- The only thing North Korea could wipe out in four minutes is a South Korean all-you-can-eat buffet. |
|
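A history check that would catch the rotation described in the post above, added here as an example and not taken from any poster or product: it compares each new password, with its trailing digits stripped, against the stems of the last few passwords. The names `stem`, `PasswordHistory` and `replay` and the depth values are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re

# Constructed sample: the rotation quoted in the post above.
ROTATION = ["Ankle01", "Bone02", "Comedy03", "Dumbo04", "Echo05",
            "Ankle06", "Bone07"]


def stem(password):
    """Case-fold and drop a trailing run of digits: 'Ankle06' -> 'ankle'."""
    return re.sub(r"\d+$", "", password.casefold())


def stem_digest(password, salt):
    """Slow salted hash of the stem, so the history never holds plaintext."""
    return hashlib.pbkdf2_hmac("sha256", stem(password).encode(), salt, 100_000)


class PasswordHistory:
    """Per-user record of the last `depth` password stems (hypothetical)."""

    def __init__(self, depth):
        self.salt = os.urandom(16)   # one salt per user, reused for comparison
        self.depth = depth
        self.digests = []

    def change(self, candidate):
        """Return True and record the stem if it is not in recent history."""
        digest = stem_digest(candidate, self.salt)
        if any(hmac.compare_digest(digest, old) for old in self.digests):
            return False
        self.digests = (self.digests + [digest])[-self.depth:]
        return True


def replay(passwords, depth):
    """Feed a sequence of password changes through a fresh history."""
    history = PasswordHistory(depth)
    return [history.change(p) for p in passwords]


if __name__ == "__main__":
    for depth in (4, 8):
        print(depth, replay(ROTATION, depth))
```

With a depth of 4 the five-word rotation passes unnoticed, because the first word has aged out of the history by the time it returns; the depth has to exceed the number of words in the cycle. The stem digests are easier to guess than full password hashes and need at least the same protection.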
 | reply to antdude
/M |
|
 Juggernaut (Irreverent or irrelevant?, Premium) join:2006-09-05 Kelowna, BC kudos:2 | Hey! That's my PW!
 |
|
 Snowy (mIRC unix.ro UnderNet, Premium) join:2003-04-05 Kailua, HI kudos:6
| I already knew that.  |
|
 Juggernaut (Irreverent or irrelevant?, Premium) join:2006-09-05 Kelowna, BC kudos:2 | Yea, but you are the 'One'. It's ok. |
|
 sivran (Opera ex-pat, Premium) join:2003-09-15 Arlington, TX kudos:1 | reply to mackey Now if only all systems accepted unlimited length passwords (not to mention spaces). I could easily expand some of my passwords that look like the first panel.. into passwords with much more entropy than the one in the fourth... -- Think Outside the Fox. |
|
 | Yeah, wtf is up with requiring a symbol but not allowing spaces??
/M |
|
 Blackbird (Built for Speed, Premium) join:2005-01-14 Fort Wayne, IN kudos:3
| said by mackey: Yeah, wtf is up with requiring a symbol but not allowing spaces??
/M
Space characters have been alleged to cause inconvenience (and in many cases irreparable harm) to electrons in the Intertubes, as well as possibly causing cumulative damage to the space-time continuum. Since a 'space' is an empty place, using tangible, finite electrons to represent emptiness causes them untold confusion, resulting in reverse spin influences. Eventually, the electrons that are thus abused will slow down and stop... whereupon the space they are trying to represent fills up with dead electrons. Very, very bad... -- "Is life so dear, or peace so sweet, as to be purchased at the price of chains and slavery? Forbid it, Almighty God!" -- P.Henry, 1775 |
|
 Juggernaut (Irreverent or irrelevant?, Premium) join:2006-09-05 Kelowna, BC kudos:2 | Yea, and it causes a tear in the fabric of the Matrix, as well. Using the Force doesn't help. -- I'm not anti-social, I just don't like stupid people. |
|
 Blackbird (Built for Speed, Premium) join:2005-01-14 Fort Wayne, IN kudos:3
| said by Juggernaut: ... Using the Force doesn't help.
That's because the Dark Side is made up of dead electrons, against which the Miticloreans must wage continual struggle. -- "Is life so dear, or peace so sweet, as to be purchased at the price of chains and slavery? Forbid it, Almighty God!" -- P.Henry, 1775 |
|
 Juggernaut (Irreverent or irrelevant?, Premium) join:2006-09-05 Kelowna, BC kudos:2 | Even Neutrinos are helpless. Master Yoda, where are you? -- I'm not anti-social, I just don't like stupid people. |
|